HP LoadRunner lrFileIOService ActiveX WriteFileString Method Traversal Vulnerability

Added: 10/17/2013
CVE: CVE-2013-4798
BID: 61443
OSVDB: 95642

Background

HP LoadRunner is a software performance testing solution. HP LoadRunner includes the lrFileIOService ActiveX control.

Problem

HP LoadRunner before 11.52 is vulnerable to remote code execution. The lrFileIOService ActiveX control exposes the WriteFileString method which does not properly sanitize user supplied input. A remote attacker who persuades a user to open a crafted web page containing directory traversal style attacks (e.g. '../../') can write a file to an arbitrary location, thereby possibly resulting in code execution.

Resolution

Upgrade to HP LoadRunner 11.52 or higher as indicated in HP Security Bulletin HPSBGN02905 SSRT101083.

References

http://secunia.com/advisories/54138/

Limitations

This exploit was tested against HP LoadRunner 11.50 on Windows XP SP3 English (DEP OptIn). The user must open the exploit in Internet Explorer.

Platforms

Windows

Back to exploit index